TYPO3 Core Multiple Security Vulnerabilities

TYPO3 is prone to multiple vulnerabilities, including SQL-injection, cross-site scripting, information-disclosure, frame- and session-hijacking, and shell-command-execution issues.

Note that exploits for some of the issues may require a valid backend login.

Successful exploits may allow attackers to:
- access or modify data
- exploit latent vulnerabilities in the underlying database
- obtain sensitive information
- gain unauthorized access to the affected application
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- hijack user sessions
- execute arbitrary commands in the context of the webserver process

A successful attack will compromise the application and may help in further attacks.

The issues affect the following TYPO3 versions:

4.0.13 and earlier
4.1.12 and earlier
4.2.9 and earlier
4.3.0beta1 and earlier


Privacy Statement
Copyright 2010, SecurityFocus